The weblog of the Journal of Intellectual Property Law and Practice. Here's where editorial panellists, readers and contributors can come together and share their view on all aspects of IP law and practice

Journal of Intellectual Property Law & Practice (2012), doi: 10.1093/jiplp/jps005, first published online: January 30, 2012

Directive 2006/24 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks does not preclude the application of a national provision, based on Directive 2004/48 on the enforcement of IP rights, according to which an internet service provider (ISP) may be ordered to give a copyright holder information on a subscriber in civil proceedings, provided that this information should have been preserved to be communicated and used for this purpose in accordance with detailed national legislation complying with EU law on the protection of personal data.

Legal context

A preliminary reference to the ECJ from the Swedish Supreme Court deals with the ability of copyright owners to obtain details about the identity of users connected to a certain Internet Protocol address which was used to infringe copyright.

Directive 95/46, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, was adopted to protect the rights and freedoms of persons with respect to the processing of personal data by laying down guidelines determining when this processing is lawful.

Directive 2002/58, concerning the processing of personal data and the protection of privacy in electronic communications, imposed on Member States the obligation to ensure the confidentiality of communications made over a public electronic communications network. Article 15(1) provided for the possibility for Member States to derogate from that principle of confidentiality, including under certain conditions the retention of, and access to and use of, data for law enforcement purposes.

Lastly, Directive 2006/24 imposed on Member States an obligation for providers of publicly available electronic communications services and public communication networks to retain communication data for the purpose of the investigation, detection, and prosecution of serious crime, as defined by each Member State in national law. It also amended Directive 2002/58 by stipulating that Article 15(1) does not apply to data retained under Directive 2006/24.

Directive 2004/48 provides a legal framework to combat infringements of IP rights. Article 8 of that Directive provides, in particular, that judicial authorities may order that information concerning the origin and distribution networks of the goods or services which infringe an IP right shall be provided by the infringer and/or any other person who possessed, used, or was involved in the production of the goods or services. This information may include the names and addresses of such persons and information on the quantities produced.

Directive 2004/48 was transposed into the Swedish legal order by amending the Swedish Copyright Act. The new provisions came into force on 1 April 2009.

Facts

Five audio book publishers, after discovering that several of their books were being made available online in the early hours of the same day in which the new provisions of the Swedish law came into force, applied to the judicial authority in Solna to obtain from the Swedish ISP ePhone the identity of the subscriber who had shared the infringing material.

After the Solna district court decided in favour of the companies, ePhone appealed to the Court of Appeal, which reversed its decision on the basis that the publishers were unable to prove the infringement of their IP rights. The publishers appealed to the Swedish Supreme Court, which decided to stay the proceedings and ask the ECJ:

whether Directive 2006/24 precludes the application of a national provision based on Directive 2004/48, according to which an ISP may be ordered to give a copyright holder information on a subscriber in civil proceedings, thus facilitating the identification of a particular subscriber claimed to have committed an infringement;

whether the fact that Sweden has not implemented, in the prescribed period, Directive 2006/24, had an impact on the previous question.

The Advocate General Niilo Jääskinen (‘the AG’) has now provided his opinion on these questions.

Analysis

In order to answer those questions, the AG looked at the material scope of Directive 2006/24 and taking into account that the procedure at hand was a civil one and that information had been requested by private parties, not by the competent national authority, the AG concluded that Directive 2006/24 was not applicable in this specific circumstance. This being so, the second question was dismissed as devoid of purpose.

Having said that, the AG investigated further the limits of the protection of personal data in relation to legislation, such as the Swedish approach which aimed to protect IP rights. This is where the AG's opinion gets really interesting.

The starting point of this part of the AG's reasoning is that, according to Article 6(b) of Directive 95/46, personal data must be collected for specified, explicit, and legitimate purposes and must not be further processed in a way that is incompatible with those well-defined purposes. Collection of personal data, methods used in order to do so, as well as its purposes must be decided in advance. Further processing of personal data in a way that is incompatible with those purposes is therefore not permitted.

This being the guiding principle, the AG turned to verify whether such provisions had been adopted at EU or national level.

As regards EU legislation, the AG observed that neither Directive 2002/58 nor Directive 2006/24 provided a possibility or an obligation to retain or to use personal data for cases of infringement of IP rights when such infringements are invoked by private parties, nor to use already existing data retained for different purposes. The AG also noted that, although Article 8 of Directive 2004/48 did make some reference to personal data, that provision specified neither the kind of personal data referred to nor the purpose or duration of its retention or the nature of the subjects entitled to access it in the case of infringement of IP rights.

The AG thus concluded that current EU legislation does not provide a discipline for the retention of personal data generated in connection with electronic communications and for their transmission in the case of infringement of IP rights invoked by private parties.

As regards Member States' legislation, the AG, drawing on Case C-275/06 Promusicae [2008] ECR I-271, affirmed that the basic and main principles of both the right to protection of IP rights and the right to data protection must be fully respected.

On this premise, the AG observed that, in order lawfully to transmit personal data, EU law requires that national legislation must expressly provide an obligation to retain personal data with a view to specifying the categories of data to be retained, purpose and duration for their retention, and the categories of people that can access the data. Using personal data retained for purposes different from those provided by the legislation would be contrary to personal data protection principles.

The AG's opinion seems to suggest a (questionable) watertight subdivision between IP rights and data protection. It seems that the AG excludes any (natural) reciprocal interference unless expressly provided. Further, the AG's opinion apparently underestimates the circumstance that, although requested by a private party, the access to personal data is ordered by a judge. Would the AG apply the same kind of test to other areas of EU law?

Practical significance

Should the ECJ follow the AG's opinion, publishers will be denied the right to obtain, in the course of civil proceedings, details about the identity of users connected to a specific Internet Protocol address that has been used to infringe copyright, such data having been clearly retained for purposes different from those at stake in the case at hand.

It is easily foreseeable, as emerged from the arguments put forward by the Member States that intervened in this preliminary reference, that many other EU Member States have copyright legislation similar to the Swedish Copyright Act and that therefore a not inconsiderable number of copyright owners could face the same obstacles to access personal data in similar circumstances. Should this be the case, national legislatures will soon be requested to address the issues raised by this case and to provide IP rights holders with adequate legal remedies. In the meantime, there is a considerable potential for an increase in litigation.

jiplp page views since November 2009

JIPLP by phone and QR

Our cover colour for 2015

About this weblog

The principal contents of this weblog are drawn from the Current Intelligence features which are published monthly in JIPLP.

Current Intelligence articles are designed to analyse recent key cases, legislation and topical matters. Normally they are of between 500 and 1,500 words (though in exceptional cases a greater word length may be agreed with the Editor).

The selected Current Intelligence articles are now posted on this weblog to enable readers to engage with them, posting comments if they so choose. All comments are moderated, which means that they will not appear immediately upon their being posted.

About the Journal

JIPLP is a peer-reviewed journal dedicated to intellectual property law and practice. Published monthly, coverage includes the full range of substantive IP topics, practice-related matters such as litigation, enforcement, drafting and transactions, plus relevant aspects of related subjects such as competition and world trade law.

The journal is specifically designed for IP lawyers, patent attorneys and trade mark attorneys both in private practice and working in industry. It also aims to be an essential source of reference for academics specialising in IP, members of the judiciary, officials in IP registries and regulatory bodies, and institutional libraries. Subject-matter covered is chosen for its practical relevance and international interest.

... and authors in search of an article

JIPLP is often approached by prospective authors who would like to write something, but who would appreciate guidance regarding subject-matter, style and so forth. Here are a few pointers:

* Ask yourself what is it that you'd like to read in the journal, since that is handy rule of thumb which probably reflects the interests of your colleagues and your competitors;

* IP law and practice is very much a 'here and now' activity for JIPLP subscribers. The history of a right may be inherently interesting, or even sometimes relevant to the resolution of a specific issue, but would you expect a reader to look for it in JIPLP?

* Recycled Masters' dissertations and university essays make poor articles and are often difficult to convert from a piece that is designed to display erudition and research ability into an article that addresses lawyers, businesses and decision-makers. It's usually easier to start afresh by working out who your readers are and what you want to tell them.

* Please comply with the authors' instructions and note the journal's preferred length for articles. Most authors like to publish long ones, but subscribers tend to prefer reading shorter ones.

Peer reviewers

All substantive articles published in JIPLP are peer-reviewed. If you'd like to be considered for admission to the roll of peer reviewers, please email Jeremy Phillips (Editor) here, and either attach a short-form CV or let him know of your credentials for reviewing articles on IP-related issues.